Posted by: Ed Tittel
It’s probably part of Microsoft’s push to extend uptake of Windows 8.1 beyond the enthusiast/home user level, but I’m seeing some very interesting security improvements in Windows 8.1. Some of them appear designed specifically to appeal to corporate/enterprise users. Here’s a partial list, lifted from a TechEd presentation by Chris Hallum, Senior Product Manager for Windows Client Security at MS (Madrid, 6/26/2013), entitled “What’s New in Blue Security?”
Title slide from the pre-recorded version of Hallum’s presentation.
Here’s an abbreviated list of what Windows 8.1 adds to its security arsenal, with some brief discussion for each item:
- Device encryption, which uses BitLocker encryption technology to encrypt entire devices or storage volumes, as well as sub-containers, for all versions of Windows 8.1. Also works with SkyDrive to store encryption keys securely on the Internet.
- Direct, native support for fingerprint readers: instead of relying on third-party drivers and pass-throughs, Windows 8.1 will interact directly with fingerprint scanners and other biometric devices for which native Windows 8.1 drivers are available. Thus, you’ll be able to use the fingerprint scanner throughout OS operation, instead of as a login feature for UAC prompts, Windows Store access, and other password- or access-protected Windows features.
- Remote business data removal supports partial wipes of personal laptops or devices, to remove corporate data while leaving personal data alone (valuable for situations where BYOB devices are used, as is increasingly common these days). Admins can use this to schedule deletion of specific data assets on a PC whenever it checks in with a server on the Internet.
- Support for a wider range of VPN clients, including the ability for third-party apps to initiate VPN sessions automatically (a list of supported elements isn’t yet available, or I simply can’t find it).
- Windows Defender adds network behavior monitoring, so it can detect and stop execution of known malware, or software behaving suspiciously (presumably, unrecognized malware).
- Improved security software tie-ins for Internet Explorer 11, especially for anti-malware programs, plus default enablement of the Enhanced Protected Mode (EPM) operation introduced with IE10.
Looking over this list of features, I see them aimed much more toward business and enterprise operations than toward single or family user situations, or even the lower end of the SMB spectrum. If Microsoft gets the desired results from these additions, those results would have to include increased adoption in the business computing space.